<!-- 
RSS generated by JIRA (1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d) at Thu Feb 08 23:28:36 UTC 2024

It is possible to restrict the fields that are returned in this document by specifying the 'field' parameter in your request.
For example, to request only the issue key and summary add field=key&field=summary to the URL of your request.
-->
<rss version="0.92" >
<channel>
    <title>FOLIO Jira</title>
    <link>https://folio-org.atlassian.net</link>
    <description>This file is an XML representation of an issue</description>
    <language>en-us</language>    <build-info>
        <version>1001.0.0-SNAPSHOT</version>
        <build-number>100246</build-number>
        <build-date>07-02-2024</build-date>
    </build-info>

<item>
            <title>[FOLIO-3500] Remove folio-java-docker workarounds for zlib</title>
                <link>https://folio-org.atlassian.net/browse/FOLIO-3500</link>
                <project id="10290" key="FOLIO">FOLIO</project>
                    <description>&lt;p&gt;With 
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;FOLIO-3480&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/FOLIO-3480&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;folioci/alpine-jre-openjdk11:1.3.1 ZipException: Corrupt GZIP trailer&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10303?size=medium&quot; /&gt;
            FOLIO-3480
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
 and 
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;FOLIO-3487&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/FOLIO-3487&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;folioci/alpine-jre-openjdk11: apk upgrade for zlib-1.2.12-r1 fixing ZipException&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10303?size=medium&quot; /&gt;
            FOLIO-3487
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
 we needed to add a workaround for the zlib ZipException on Windows.&lt;/p&gt;

&lt;p&gt;As at 2022-05-12 that fix is still not in eclipse-temurin:11-jre-alpine or eclipse-temurin:17-jre-alpine&lt;br/&gt;
&lt;b&gt;Update&lt;/b&gt; 2022-06-24: Both eclipse-temurin versions were updated two days ago, so should now contain this zlib fix.&lt;/p&gt;

&lt;p&gt;When it is available, then remove the workound in the Dockerfile of both &lt;a href=&quot;https://github.com/folio-org/folio-tools/blob/master/folio-java-docker/openjdk11/&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;folio-tools/folio-java-docker/openjdk11&lt;/a&gt; and &lt;a href=&quot;https://github.com/folio-org/folio-tools/blob/master/folio-java-docker/openjdk17/&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;folio-tools/folio-java-docker/openjdk17&lt;/a&gt;,&lt;br/&gt;
and re-build.&lt;/p&gt;</description>
                <environment></environment>
        <key id="82313">FOLIO-3500</key>
            <summary>Remove folio-java-docker workarounds for zlib</summary>
                <type id="10003" iconUrl="https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium">Task</type>
                                            <priority id="10001" iconUrl="https://dev.folio.org/assets/jira-priority/jira-p2.svg">P2</priority>
                        <status id="6" iconUrl="https://folio-org.atlassian.net/images/icons/statuses/closed.png" description="The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.">Closed</status>
                    <statusCategory id="3" key="done" colorName="green"/>
                                    <resolution id="10001">Duplicate</resolution>
                                                        <assignee accountid="61cd0ca0bce5e00069e98be7">David Crossley</assignee>
                                                                <reporter accountid="61cd0ca0bce5e00069e98be7">David Crossley</reporter>
                                    <labels>
                            <label>security</label>
                    </labels>
                <created>Thu, 12 May 2022 04:15:39 +0000</created>
                <updated>Mon, 27 Jun 2022 06:49:37 +0000</updated>
                            <resolved>Mon, 27 Jun 2022 06:49:37 +0000</resolved>
                                                                        <due></due>
                            <votes>0</votes>
                                    <watches>2</watches>
                                                                <comments>
                                                            <comment id="198004" author="5ee89462f7aa140abd82d11d" created="Fri, 24 Jun 2022 07:35:01 +0000"  >&lt;p&gt;I don&apos;t see &quot;apk upgrade&quot; as workaround.&lt;/p&gt;

&lt;p&gt;To the contrary, this is a good security measure.&lt;/p&gt;

&lt;p&gt;To foster caching of Docker layers the alpine and the temurin image don&apos;t use &quot;apk upgrade&quot; and therefore may contain outdated packages with bugs and security vulnerabilities.&lt;/p&gt;

&lt;p&gt;It&apos;s the responsibility of folioci/alpine-jre-openjdk* to run &quot;apk upgrade&quot;.&lt;/p&gt;

&lt;p&gt;Quote from &lt;a href=&quot;https://snyk.io/blog/take-actions-to-improve-security-in-your-docker-images/&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://snyk.io/blog/take-actions-to-improve-security-in-your-docker-images/&lt;/a&gt; : &quot;Any Docker image should be rebuilt regularly to prevent known vulnerabilities in your image that have already been solved.&quot;&lt;/p&gt;

&lt;p&gt;Why &quot;apk upgrade&quot; is recommended now but wasn&apos;t recommended a few years ago: &lt;a href=&quot;https://pythonspeed.com/articles/security-updates-in-docker/&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://pythonspeed.com/articles/security-updates-in-docker/&lt;/a&gt;&lt;/p&gt;

&lt;p&gt;&quot;What you want to do is to pin the base image version and just &lt;tt&gt;apt/apk update&lt;/tt&gt;.&quot; &lt;a href=&quot;https://cloudberry.engineering/article/dockerfile-security-best-practices/#5-do-not-upgrade-your-system-packages&quot; class=&quot;external-link&quot; rel=&quot;nofollow noreferrer&quot;&gt;https://cloudberry.engineering/article/dockerfile-security-best-practices/#5-do-not-upgrade-your-system-packages&lt;/a&gt;&lt;/p&gt;</comment>
                                                            <comment id="198006" author="61cd0ca0bce5e00069e98be7" created="Mon, 27 Jun 2022 06:47:39 +0000"  >&lt;p&gt;Ah, thanks, must have misunderstood the linked tickets 
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;FOLIO-3480&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/FOLIO-3480&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;folioci/alpine-jre-openjdk11:1.3.1 ZipException: Corrupt GZIP trailer&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10303?size=medium&quot; /&gt;
            FOLIO-3480
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
 and 
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;FOLIO-3487&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/FOLIO-3487&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;folioci/alpine-jre-openjdk11: apk upgrade for zlib-1.2.12-r1 fixing ZipException&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10303?size=medium&quot; /&gt;
            FOLIO-3487
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
.&lt;/p&gt;

&lt;p&gt;Closing this ticket, and opening 
    &lt;span class=&quot;jira-issue-macro resolved&quot; data-jira-key=&quot;FOLIO-3529&quot; &gt;
                &lt;a href=&quot;https://folio-org.atlassian.net/browse/FOLIO-3529&quot; class=&quot;jira-issue-macro-key issue-link&quot;  title=&quot;Rebuild folioci/alpine-jre-openjdk11 and folioci/alpine-jre-openjdk17&quot; &gt;
            &lt;img class=&quot;icon&quot; src=&quot;https://folio-org.atlassian.net/rest/api/2/universal_avatar/view/type/issuetype/avatar/10318?size=medium&quot; /&gt;
            FOLIO-3529
        &lt;/a&gt;
                                                    &lt;span class=&quot;aui-lozenge aui-lozenge-subtle aui-lozenge-success jira-macro-single-issue-export-pdf&quot;&gt;Closed&lt;/span&gt;
            &lt;/span&gt;
 to rebuild these images.&lt;/p&gt;</comment>
                    </comments>
                <issuelinks>
                            <issuelinktype id="10003">
                    <name>Relates</name>
                                                                <inwardlinks description="relates to">
                                        <issuelink>
            <issuekey id="82326">FOLIO-3480</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="82301">FOLIO-3487</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="82311">FOLIO-3499</issuekey>
        </issuelink>
            <issuelink>
            <issuekey id="82395">FOLIO-3529</issuekey>
        </issuelink>
                            </inwardlinks>
                                    </issuelinktype>
                    </issuelinks>
                <attachments>
                    </attachments>
                <subtasks>
                    </subtasks>
                <customfields>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10000" key="com.atlassian.jira.plugins.jira-development-integration-plugin:devsummarycf">
                        <customfieldname>Development</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10057" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>Development Team</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10155"><![CDATA[FOLIO DevOps]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                <customfield id="customfield_10063" key="com.atlassian.jira.plugin.system.customfieldtypes:float">
                        <customfieldname>PO Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0.0</customfieldvalue>
                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                    <customfield id="customfield_10106" key="com.atlassian.jira.plugin.system.customfieldtypes:select">
                        <customfieldname>RCA Group</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue key="10367"><![CDATA[TBD]]></customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                            <customfield id="customfield_10019" key="com.pyxis.greenhopper.jira:gh-lexo-rank">
                        <customfieldname>Rank</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>0|hzx2vb:r6m1q1i</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    <customfield id="customfield_10020" key="com.pyxis.greenhopper.jira:gh-sprint">
                        <customfieldname>Sprint</customfieldname>
                        <customfieldvalues>
                                <customfieldvalue id="1605">DevOps Sprint 142</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                        <customfield id="customfield_10024" key="com.atlassian.jira.ext.charting:firstresponsedate">
                        <customfieldname>[CHART] Date of First Response</customfieldname>
                        <customfieldvalues>
                            <customfieldvalue>Fri, 24 Jun 2022 07:35:01 +0000</customfieldvalue>

                        </customfieldvalues>
                    </customfield>
                                                                <customfield id="customfield_10025" key="com.atlassian.jira.ext.charting:timeinstatus">
                        <customfieldname>[CHART] Time in Status</customfieldname>
                        <customfieldvalues>
                            
                        </customfieldvalues>
                    </customfield>
                                    </customfields>
    </item>
</channel>
</rss>